The annotated tag OpenSSL_1_0_2i has been created at c3b111de3699ae812738e61c6b01101ea6a12b74 (tag) tagging 32c130160f7dac2cef5d0e30d94b335e4a87104d (commit) replaces OpenSSL_1_0_2h tagged by Matt Caswell on Thu Sep 22 11:24:53 2016 +0100
- Log ----------------------------------------------------------------- OpenSSL 1.0.2i release tag -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJX47F1AAoJENnE0m0OYESRc3sIAI79tKT3pLjuUua0+24tw8B8 Va/LslUflHIv9Ajt2Zr/erB9eVPBshVdMaTsaoHbYtKsNqHby7BKxmIpUfQQ+0ZQ YmWOFvHt2r5sUKMSTHldT2rY27M7v9LIIwxOL0BWSQ+odtxFMK8UxWwTBdKDKsaL c1+SGHiw7m2Eqqkc/RLGM5mc2EflnG0I3UDTMTAazzaev6SPDiN1F+bR3tqI6VMt DE0+5qYxlmgbJw0ndTUjqj4sH7bv7b3c2mR/DyE7AsrwVvUDq0siYi9BNTNn0aV8 O5sRNsioqdEoZ/o/nil3FIsfdsgnOoOXxUpe69nSBExjsSRpB8IcvUlT3nIFsBA= =2QfE -----END PGP SIGNATURE----- Alessandro Ghedini (1): Avoid double declaration of COMP_METHOD Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1083) Andy Polyakov (16): rand/randfile.c: remove _XOPEN_SOURCE definition. hmac/hmac.c: switch to OPENSSL_cleanse. crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master. crypto/mem.c: drop reference to cleanse_ctr and fix no-asm builds. crypto/sparccpuid.S: limit symbol visibility. aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure. aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines. doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration. SPARC assembly pack: enforce V8+ ABI constraints. sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows. ec/ecp_nistz256.c: get is_one on 32-bit platforms right. bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking. ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction. ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity. ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb. crypto/bn/*: x86[_64] division instruction doesn't handle constants, change constraint from 'g' to 'r'. Cesar Pereida (1): Fix DSA, preserve BN_FLG_CONSTTIME Cristian Stoica (1): remove double initialization of cryptodev engine Cynh (1): Fix SRP client key computation David Benjamin (2): Don't send signature algorithms when client_version is below TLS 1.2. Don't check for malloc failure twice. David Woodhouse (4): Fix SSL_export_keying_material() for DTLS1_BAD_VER Fix ubsan 'left shift of negative value -1' error in satsub64be() Add basic test for Cisco DTLS1_BAD_VER and record replay handling Avoid EVP_PKEY_cmp() crash on EC keys without public component Dirk Feytons (1): Fix build with no-cmac Dmitry Belyavsky (1): Avoid KCI attack for GOST Dr. Matthias St. Pierre (1): RT3925: Remove trailing semi from #define's. Dr. Stephen Henson (50): add documentation Fix double free in d2i_PrivateKey(). Fix name length limit check. Always try to set ASN.1 parameters for CMS. Use default ASN.1 for SEED. Only set CMS parameter when encrypting Tidy up PKCS12_newpass() fix memory leaks. Constify PKCS12_newpass() Only call FIPS_update, FIPS_final in FIPS mode. Typo. Add -signcert to CA.pl usage message. Parameter copy sanity checks. Don't skip leading zeroes in PSK keys. Fix link error. Fix omitted selector handling. Don't indicate errors during initial adb decode. Fix print of ASN.1 BIGNUM type. Check and print out boolean type properly. Support PKCS v2.0 print in pkcs12 utility. Send alert on CKE error. Sanity check in ssl_get_algorithm2(). Clarify digest change in HMAC_Init_ex() Fix OOB read in TS_OBJ_print_bio(). Send alert for bad DH CKE Use newest CRL. Set error if EVP_CipherUpdate fails. Note cipher BIO write errors too. Fix CRL time comparison. Check for overlows and error return from ASN1_object_size() Check for overflows in ASN1_object_size(). include <limits.h> Calculate sequence length properly. Limit status message sisze in ts_get_status_check Check for overflows in i2d_ASN1_SET() Limit recursion depth in old d2i_ASN1_bytes function Leak fixes. Sanity check input length in OPENSSL_uni2asc(). Check for errors in a2d_ASN1_OBJECT() Check for errors in BN_bn2dec() Limit reads in do_b2i_bio() Sanity check ticket length. Avoid overflow in MDC2_Update() Fix memory leak on error. Fix memory leak on error. Fix memory leak on realloc error. update default dependencies Fix small OOB reads. Remove unnecessary check. Use SSL3_HM_HEADER_LENGTH instead of 4. Make message buffer slightly larger than message. FdaSilvaYY (2): Fix some missing inits Fix a few leaks in X509_REQ_to_X509. Fix a possible leak on NETSCAPE_SPKI_verify failure. John Foley (1): RT3752: Add FIPS callback for thread id Jonas Maebe (1): cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors Kazuki Yamaguchi (1): Fix overflow check in BN_bn2dec() Kurt Roeckx (2): Return error when trying to print invalid ASN1 integer Fix off by 1 in ASN1_STRING_set() Marcus Meissner (1): initialize the RSA struct to 0. Matt Caswell (49): Prepare for 1.0.2i-dev Fix BIO_eof() for BIO pairs Fix SSL compression symbol exporting Remove repeated condition from if in X509_NAME_oneline Fix a double free in tls1_setup_key_block Check that the obtained public key is valid Fix error return value in SRP functions Fix a mem leak on an error path in OBJ_NAME_add() The ssl3_digest_cached_records() function does not handle errors properly Check for malloc failure in EVP_PKEY_keygen() Avoid some undefined pointer arithmetic Update CONTRIBUTING BIO_printf() can fail to print the last character Fix documentation error in x509 app certopt flag More fix DSA, preserve BN_FLG_CONSTTIME Fix BN_mod_word bug Add a BN_mod_word test() Fix seg fault in TS_RESP_verify_response() Fix an error path leak in do_ext_nconf() Fix an error path leak in int X509_ATTRIBUTE_set1_data() Revert "RT4526: Call TerminateProcess, not ExitProcess" Fix ASN1_STRING_to_UTF8 could not convert NumericString Ensure HMAC key gets cleansed after use Change usage of RAND_pseudo_bytes to RAND_bytes Convert memset calls to OPENSSL_cleanse Avoid an overflow in constructing the ServerKeyExchange message Disallow multiple protocol flags to s_server and s_client Back port ssltestlib code to 1.0.2 Add a DTLS unprocesed records test Fix DTLS unprocessed records bug Add DTLS replay protection test Fix DTLS replay protection Update function error code Silence some "maybe used uninitialised" warnings Fix DTLS buffered message DoS attack Prevent DTLS Finished message injection Fix no-ec Fix the no-tls1 option SRP_create_verifier does not check for NULL before OPENSSL_cleanse Ensure the CertStatus message adds a DTLS message header where needed Abort on unrecognised warning alerts Add some sanity checks around usage of t_fromb64() Revert "Abort on unrecognised warning alerts" Fix a missing NULL check in dsa_builtin_paramgen Don't allow too many consecutive warning alerts Fix OCSP Status Request extension unbounded memory growth Fix a mem leak in NPN handling Updates CHANGES and NEWS for new release Prepare for 1.0.2i release Orgad Shaneh (1): Fix compilation with CMS disabled Pauli (1): RT4573: Synopsis for RAND_add is wrong Phillip Hellewell (1): RT3053: Check for NULL before dereferencing Rich Salz (21): GH837: Avoid double-free in OCSP parse. Recommend GH over RT, per team vote. RT4560: Initialize variable to NULL RT4562: Backport doc fix. RT4546: Backport doc fix RT4526: Call TerminateProcess, not ExitProcess RT4545: Backport 2877 to 1.0.2 RT2964: Fix it via doc Revert "RT2964: Fix it via doc" RT2964: Fix it via doc Add missing casts. Fix NULL-return checks in 1.0.2 RT3940: For now, just document the issue. Fix incorrect return argument. Fix pointer/alloc prob from previous commit RT2676: Reject RSA eponent if even or 1 SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM Misc BN fixes Make update GH1555: Don't bump size on realloc failure Dcoument -alpn flag Richard Levitte (54): Check return of PEM_write_* functions and report possible errors Add NULL check in i2d_PrivateKey() Use RPMBUILD macros rather than hard coded paths in openssl.spec Windows: Add CRYPT32.LIB to the libraries to link your app with Documentation: Clarify sizes for UI_add_input_string() Add support for RC / WINDRES env variables Add missing initialiser in e_chil.c Don't require any length of password when decrypting Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex() make update Document the esc_2254 command line name option Refresh seldom used C generating scripts to current C standard Run the refreshed scripts Fix util/mkerr.pl Cleanup openssl.ec Revert "Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()" Revert "make update" Revert "Document the esc_2254 command line name option" openssl verify: only display the command usage on usage errors Always check that the value returned by asn1_do_adb() is non-NULL Change (!seqtt) to (seqtt == NULL) apps/req.c: Increment the right variable when parsing '+' Fix missing opening braces Check that the subject name in a proxy cert complies to RFC 3820 Fix proxy certificate pathlength verification Allow proxy certs to be present when verifying a chain Fix ASN.1 private encode of EC_KEY to not change the input key Remove the silly CVS markers from LPdir_*.c Don't check any revocation info on proxy certificates make update to have PEM_R_HEADER_TOO_LONG defined VMS: synchronise tests with Unix evp_test.c: avoid warning from having a pointer difference returned as int VSI submission: avoid pointer size warnings in mem.c VSI submission: make better use of item lists in o_time.c VSI submission: RAND fixups Have dtlstest run on VMS as well ssltestlib: Tell compiler we don't care about the value when we don't Make 'openssl req -x509' more equivalent to 'openssl req -new' GOST: rearrange code so it's more like C rather than C++ VMS: Use strict refdef extern model when building library object files mk1mf: dtlstest needs ssltestlib, include it with a hack Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c If errno is ENXIO in BSS_new_file(), set BIO_R_NO_SUCH_FILE Add enginesdir to libcrypto.pc pkg-config file VMS: only use _realloc32 with /POINTER_SIZE=32 VSI submission: redirect terminal input through socket Add copyright and license on apps/vms_term_sock.[ch] Remove entirely unnecessary pointer size guards Reformat to fit OpenSSL source code standards Refactor to avoid unnecessary preprocessor logic Finally, make sure vms_term_sock.c is built RT4669: dgst can only sign/verify one file apps/apps.c: include sys/socket.h to declare recv() mk1mf.pl: check for no-tls1 here as well Steven Valdez (1): Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c Todd Short (2): OCSP_request_add0_id() inconsistent error return Always use session_ctx when removing a session Viktor Dukhovni (3): Fix i2d_X509_AUX and update docs Clarify negative return from X509_verify_cert() Ensure verify error is set when X509_verify_cert() fails isnotnick (1): RT3513: req doesn't display attributes using utf8string ----------------------------------------------------------------------- _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits